digg

Facebook Connect Join Digg About

New Surveillance Tool Silently Enabled in Firefox

weblogs.mozillazine.org The Mozilla Team has silently turned on a new feature in Forefox called "<a ping>" that will allow Web site operators to silently conduct surveillance on Firefox users' browsing activity. This new "feature" will cause Firefox to notify any server, or a whole list of servers, when you click a link.

Who dugg this? Made popular Jan 18, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

79 Comments

show profanity settings
expand all
  • tempusrob, on 10/12/2007, -0/+8In other news, the HTTP spec contains a "302 Redirect" surveillance tool. More at 11.

    We interrupt this program to report that XMLHttpRequest can send arbitrary user data, including keystrokes, back to the server. Details as they emerge.

    In a shocking new revelation, cookies can be used to record browsing habits. Authorities in riot gear seen preparing in cities across the world.


    Please. Could this crap get any more sensationalist?
  • gbm85, on 10/12/2007, -0/+3If it's not in about:config I give it 2 days before someone puts disabling functionality into an extension. That's the beauty of open-source ;)
  • MasteRR, on 10/12/2007, -0/+2No way to stop it? I'm sure you can disable it just like any other feature in Firefox.
  • panthar, on 10/12/2007, -0/+2There will be an option to disable this feature, and also, when you hover over the link, it will show that it has a ping in the statusbar next to where the URL currently appears.
  • Mooseknuckle, on 10/12/2007, -0/+2Seriously ... submitter needs to be bitchslapped.

    This anchor attribute is going to make our browsing life easier if anything... No more weird redirects, or complex javascript.

    Let me tell you ... If you haven't worked for a large company with a marketing department, listen up... Those goons in marketing are gunna get their stats one way or another... this ping attribute just makes it easier on us webdevelopers to get the job done, and makes it more seemless for the end user.

    I'm glad most readers are perspicacious enough to understand that thhis isn't spyware, or mozilla devs trying to me sneaky ...

  • elfjuice, on 10/12/2007, -0/+2Steve and I are convinced that this is a back door, placed in Firefox by Microsoft. There is no other logical explanation. Right Steve?... Mr. Gibson???
  • lord2800, on 10/12/2007, -0/+1@Mooseknuckle:

    "Complex" JavaScript? What version of JavaScript are YOU looking at? As far as I can tell, a simple onclick redirect or an XMLHttpRequest call would do the job just great.
  • ozydingo, on 10/12/2007, -1/+2@dognose

    NO WAY!!! THEY NO WAT LINK I CLIKED ON!?? THAT SHULD B ILLEGL!!! THAT'S SPYING MAN!!! WATS IP???
  • TheRealStyro, on 10/12/2007, -1/+2Nope. Don't like it one bit.

    I have studied web-dev and knowledgeable about cookies, tracking and marketing. I block cookies when there is no reason for them to be used. I block refer tags when I can because there is no need for someone to know what other sites I have visited.

    I understand marketing, but I want to participate only when I think there is a good reason. I do not want to be given discounts, coupons, freebies and other trash for what I consider an invasion of privacy (whether you believe privacy is a right, entitlement or privilege is your own opinion).

    Sending out a/many pings when clicking on a link doesn't sound to me like a big deal. However, I want to be given the choice on the matter. Freedom of choice is a human right that should not be revocable.
  • Ramble, on 10/12/2007, -0/+1This isn't a 'Firefox serveillance tool' per se.
    is completely up to the web developer on whether they should use it or not. it's simply another element.
    And i'm sure it's in about:config anyway.
  • elfguy, on 10/12/2007, -0/+1My god can we stop the sensasionalism? This headline is even worse than the Slashdot one, pure lies, and has nothing to do with reality. There's a new W3C standard which is the optional "ping" parameter for links, which allows referal links. Firefox is the first to add it, to the DEVELOPMENT branch, because it's a standard. Of course, there's an option to disable it if you want. And it's not even sure it will ever make it to the release branch anyways. But go ahead and continue with the conspiracy theories since you love it so much.
  • KriLL3.2™, on 10/12/2007, -0/+0TheRealStyro: read the comments, it's an option in the settings... you do have a choice.
  • Saoshyant, on 10/12/2007, -0/+0THIS IS *****, MOZILLA IS NOT GIVING AWAY YOUR PRIVACY, PLEASE STOP ALL THIS INSANITY AROUND THE INTERNET. Caps for emphasis.

    People, please understand this ping attribute is not a big deal at all. The only wrong thing you can see in it, is that it's pretty much useless aside the speed-up it gives by not using a redirect on the server-side.

    For those who don't understand and are making a fuss about privacy concerns, what you think the ping attribute will do ALREADY HAPPENS RIGHT NOW IN ANY BROWSER AND YOU CANNOT DISABLE IT; it's called logs and tracking cookies. One who understands how the Web works, as to be pretty tinfoil to see the ping attribute as a bad thing.

    This is a bad thing though, but only because it changes the HTML specs. That and that only alone is the big problem of this, and end-users don't really care about how much the HTML specs gets hacked or not.

    P.S: The ping attribute can be disabled anyway, and moreover it's only added to the Firefox Developer build so far. Please don't turn digg into another slashdot, where every idiot, er, user there thinks they are an expert on whatever random subject they just read.
  • falloutsyndrome, on 10/12/2007, -0/+0Whenever firefox crashes (very rarely) IT sends out trackerui.dll to firefox, I'm not worried. You guys are paranoid. Besides if you weren't doing bad things to begin with you wouldn't be so affraid of being watched.
  • harshbarj, on 10/12/2007, -0/+0Lame. Title is misleading. not a "silent" feature at all. and I agree with phntm, It's not surveillance at all.
  • euphoria, on 10/12/2007, -0/+0First of all, it's going to be an option, it's in the *next* version of Firefox which isn't even close yet, and it just solves the problem of having web pages already redirect users and track things a fishy way, by making it more obvious and using less resources. IMO, a good thing all around.
  • lord2800, on 10/12/2007, -0/+0"Look at the way that google handles its links ... they have an onmousedown listener to actually modify the target of the links ... That might not sound complex to you, but it's a lot more complex than a ping attribute..."

    Umm, not really. Perhaps for your Average Joe Schmoe who knows nothing of (X)HTML and/or JavaScript, but not to even an intermediate developer.

    "XMLHttpRequests are not "Simple" to the average joeschmoe web developer either. I guess you can just cut-n-paste working code for AJAX, but does the guy who did that understand what every individual piece is doing? probably not ..."

    That guy should not be designing a web site that tracks visitor links anyway. His time would be better spent learning about HOW such technologies work instead of trying to fuss with cut'n'paste code.

    "This ping attribute VASTLY simplifies many odd techniques I've seen out there."

    Yes, indeed it does. That does not mean that those techniques are terribly difficult to implement in another methodology, however. A simple example:

    Inside of index.html:




    Untitled Document


    some link



    Inside sometracker.html:





    window.location='somelink.html';

    Untitled Document



    you should never see this



    That's a simple example, and could easily be modified with a server-side script or even cookie setting to track the next page and go there. Really, this is not a difficult concept.
  • Chewie67, on 10/12/2007, -0/+0I like it.

    As the site says, most major web sites hack some way to get this information anyway, and you can't shut that off. What's the big deal?
  • MrPhelps, on 10/12/2007, -0/+0Meh ... if it's part of the spec then implement it, and provide a way to disable it.
  • joel2600, on 10/12/2007, -0/+0websites have always been able to track who you are and what you are clicking on by any number of means that they can develop.

    if they put this in the page code, this is easily disabled by the users using a script or extension... so then the users have control of whether or not this information is sent out, where they did not in the past....

    also, what everyone else said .... -digg
  • inactive, on 10/12/2007, -0/+0Big brother is always watching.
    You should know that, this article is irrelevant.
  • bloodylip, on 10/12/2007, -1/+1"There will be an option to disable this feature, and also, when you hover over the link, it will show that it has a ping in the statusbar next to where the URL currently appears."

    But who is to stop the web developer from changing the status bar text to prevent you from seeing it?
  • mooninite, on 10/12/2007, -2/+2Misleading title. No digg. Reported as lame.
  • ihaterobots, on 10/12/2007, -0/+0there's a thousand ways to trigger communication to a server when a user clicks a link. both visible and hidden communication, for that matter.

    this is simply a convenience tool for web devs. It will NOT change what site creators can and can not track.
  • lord2800, on 10/12/2007, -0/+0*sighs*
    Yay for a lack of [code] tags! Never mind anyway, the PoC code is easy to imagine and even easier to implement.
  • fleetskeet, on 10/12/2007, -0/+0Please don't feed the trolls by digging this FUD crap.
  • aliendave, on 10/12/2007, -0/+0Oh my god... they can notify a server when I click a link?! Nooooo! Anything but that!
  • MikeZila, on 10/12/2007, -0/+0You think there wasn't a way to do exactly this before this FireFox element came around?

    There was, and there will continue to be long after you install an extension to disable this, should your paranoid mind instruct you to do so.

    Reported as lame.
  • inactive, on 10/12/2007, -0/+0ping in a href tag is w3c standart and anyhow related to silent surveillance
  • aractor, on 10/12/2007, -1/+1...Not really a surveillance tool per say. From the sound of the article it isn't that big of a deal, except to attempt to speed up web page loading.
  • Fergy, on 10/12/2007, -0/+0Please everybody look at the fool list down below at "who dugg this?"
  • Brightside, on 10/12/2007, -0/+0Good thing I wrapped my router and cable modem with tinfoil.

    But in all seriousness, who cares.
  • dasch, on 10/12/2007, -0/+0Reported as lame: Please stop the sensationalist tabloid-style stories. This is *not* survaillance, it's simple tracking, and it's been done with JavaScript for ages. At least this way, it's easier configure to what extent you want to be tracked, and you could even turn it off completely. It's a step in the *right* direction.
  • Turtle502, on 10/12/2007, -0/+0"Freaking submitters."

    ...coming from somebody with one article submitted.

    No digg anyway.
  • inactive, on 10/12/2007, -0/+0This is no different than having a 1-pixel image that contacts some server. In fact, this is better - I can filter out the tag if I want so that FireFox enver phones home to whatever server(s) the webmaster has setup.

    This is just sensationalistic and stupid. This just goes to further illustrate that the Digg population will digg anything with a wild title. Take the milliondollarhomepage ransom for example. Out of multiple submissions, the one that makes it to the front page with over a thousand diggs is the one with lots of capitalization, exclamation points and sensationalism.
  • MoeB, on 10/12/2007, -0/+0***** i was hacked!
  • dognose, on 10/12/2007, -0/+0In other news: Every time you click on a link, a webserver is contacted and information such as your IP and which link you clicked on are sent to it.

    Seriously, why is this a problem?
  • ozydingo, on 10/12/2007, -0/+0I have no direct experience with the issue that the ping is supposed to solve, but it's not hard to envision up how it's being done without it:

    <a href=target.html onmousedown="javascript:this.href='spy.php?goto=target.html' ">Link text</a>

    where spy.php reports the click and redirects you to the url specified in the goto variable.

    submitter and anyone who thinks this is a sneaky move by the developers to allow spying on our activities need to get af ucking clue. If anything, this ping attribute is a better case for you privacy nuts since it can be easily disabled.
  • halophoenix, on 10/12/2007, -0/+0Not only is it not "enabled" in firefox, it's PLANNED for the Firefox 2.0 alpha, and the Firefox foundation has already responded explaining the problem. Wow-sensationalism wins again!

    Reported as lame.
  • Pottersquash, on 10/12/2007, -1/+1Its amazing that certian names are always given the benefit of the doubt, If it was IE that turned on a new ping feature we would be screaming the evil of Microsoft, yet if Firefox, Apple, or Linux is mention reason is suddenly found....
  • Mooseknuckle, on 10/12/2007, -0/+0Lord2800:

    Look at the way that google handles its links ... they have an onmousedown listener to actually modify the target of the links ... That might not sound complex to you, but it's a lot more complex than a ping attribute...

    XMLHttpRequests are not "Simple" to the average joeschmoe web developer either. I guess you can just cut-n-paste working code for AJAX, but does the guy who did that understand what every individual piece is doing? probably not ...

    This ping attribute VASTLY simplifies many odd techniques I've seen out there.
  • udha, on 10/12/2007, -0/+0Nice to see firefox adpopting standards so rapaidly, anyone who thinks this is a security concern, well, just go back to IE, we won't miss you.
  • Guspaz, on 10/12/2007, -0/+0It is so trivial to do this (in the critical path) already with any browser. All this does is moves it OUT of the critical path.

    This digg is totally sensationalist; reported as lame.
  • Uriah, on 10/12/2007, -0/+0As long as this tag doesn't offer any additional system information, I don't see how this is any different from sites loading an invisible 1x1 GIF or similar.
  • jp10558, on 10/12/2007, -0/+0 ALREADY HAPPENS RIGHT NOW IN ANY BROWSER AND YOU CANNOT DISABLE IT : LOL.

    Of course you can disable it, it's just not easy. Heck route your browser through proxomitron with a decent filterset and TOR, and bam - nothing to track there.
  • wazoo, on 10/12/2007, -0/+0WHO THE ***** CARES!
    Administrators can already track your browsing stats. Stop posting usless ***** on here, its ruining this website.
  • Vektuz, on 10/12/2007, -0/+0propoganda instead of factual title and summary - reported as lame.
  • axessterminated, on 10/12/2007, -0/+0Privacy advocates go too far complaining about something as useful as this...it's redunkulous.


    Go back to IE if you want privacy and security.


    No Digg, Reported as Lame.
  • comrade693, on 10/12/2007, -0/+0"But who is to stop the web developer from changing the status bar text to prevent you from seeing it?"

    Firefox does not let a web page change the status bar text.
  • inactive, on 10/12/2007, -0/+0As long as it gets rid of all those annoying redirects that sites use, I've no problems with it. I'd rather see what the actual destination of a link is, rather than looking for embedded urls and meaningless ID numbers.
  • Fetching more discussions...
    Show 51 - 79 of 79 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.